Nancy Libin
Partner
Co-chair, Technology, Communications, Privacy & Security Practice; Chair, Privacy & Security Practice
Companies in a wide range of industries—from technology, communications, media, and entertainment to financial services, energy, retail, and food and beverage—engage Nancy to help them navigate international, federal, and state privacy laws and regulations. Nancy also develops strategies that enable clients to use and share personal data subject to legal frameworks to improve and develop new products and services. Nationally recognized by Chambers & Partners for her leadership and expertise in this area, Nancy takes time to understand each client's business operations and objectives, recognizing that not every company has the same tolerance for risk. Nancy offers practical advice so that clients can manage and use data effectively—and responsibly—to achieve their business goals.
Nancy advises clients on compliance with the Federal Trade Commission (FTC) Act and sector-specific federal privacy laws, such as the Gramm-Leach-Bliley Act (GLBA), the Family Educational Rights and Privacy Act (FERPA), the Children's Online Privacy Protection Act (COPPA), the Wiretap Act, the Electronic Communications Privacy Act (ECPA), the Telecommunications Act (and CPNI regulations), and the Video Privacy Protection Act (VPPA), as well as the EU General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA)—as amended by the California Privacy Rights Act (CPRA)—and other state privacy laws, including state biometric and artificial intelligence (AI) laws.
A former chief privacy and civil liberties officer of the U.S. Department of Justice, and counsel to then-Senator Joe Biden on the Senate Judiciary Committee, Nancy also brings a three-dimensional understanding of law, policy, and strategy that enables her to help clients effectively participate in legislative activity and government proceedings and understand regulatory trends.
Practice Highlights
Advice and counsel
Advocacy
Incident response
Artificial Intelligence
Counseling regarding collection, use, and disclosure of biometric data
Advising media and fintech clients regarding the collection, use, and disclosure of biometric identifiers, including for voice cloning and for authentication and fraud prevention, in compliance with state biometrics laws, comprehensive privacy laws, the EU General Data Protection Regulation (GDPR), and Federal Trade Commission (FTC) guidance. (Ongoing)
Counseling regarding the collection and use of personal data to develop and deploy AI systems
Advising clients regarding the collection and use of personal data to train and fine-tune generative and agentic AI systems, including with respect to laws governing data scraping, sensitive data use and disclosure, and data minimization. (Ongoing)
Counseling regarding the development and deployment of facial recognition technology
Advised technology company regarding its development and deployment of a facial recognition tool, including with respect to use of such tool by law enforcement agencies.
Counseling regarding the use of AI tools by children and teens
Advising clients how to make AI systems available to children and teens, including in educational settings, in compliance with the Children's Online Privacy Protection Act (COPPA), the Family Educational Rights and Privacy Act (FERPA), state student privacy laws, and other state laws regarding children's and teens' privacy and safety. (Ongoing)
Counseling regarding the interplay of AI laws and privacy laws
Advising clients regarding compliance with AI laws, including the EU AI Act and U.S. state AI laws, on the one hand, and privacy laws, on the other hand, including how to reconcile conflicts between the laws. (Ongoing)
Sector-specific Privacy Laws
Advising regarding the risks of sharing video viewing information
Counseling clients regarding the collection of "personally identifiable information"—including information about video content requested or obtained as regulated under the Video Privacy Protection Act (VPPA)—by third-party website tracking technologies. (Ongoing)
Advising regarding compliance with laws governing children's, teens', and students' privacy
Counseling education technology companies and other companies regarding compliance with the COPPA, FERPA, the Protection of Pupil Rights Amendment (PPRA), state student privacy laws, and state laws governing children's and teens' personal data. (Ongoing)
Counseling fintech companies regarding the interplay of state and federal sector-specific privacy laws
Enabling fintech clients to develop and provide products and services by leveraging exceptions in state privacy laws and the Gramm-Leach-Bliley Act (GLBA). (Ongoing)
State Privacy Laws
Developing data governance compliance programs and conducting privacy audits and assessments
Working with clients to develop and implement privacy programs to comply with federal, state, and international privacy laws, including how to reconcile conflicts between multiple laws. Clients include communications companies, technology companies, media companies, equipment manufacturers, healthcare companies, online gaming and entertainment companies, fintech providers, and consumer products companies. (Ongoing)
International Privacy Laws
Counseling regarding cross-border data transfers and compliance with national security laws governing collection and use of personal data
Developing cross-border data transfer mechanisms and advised clients regarding the Foreign Intelligence Surveillance Act (FISA) and other national security laws in connection with same. (Ongoing)
Counseling regarding compliance with the GDPR
Providing advice to clients regarding compliance with the GDPR, including with respect to the interplay between the GDPR and U.S. privacy laws. (Ongoing)
Legislation and Rulemaking
Providing policy advice to companies regarding development of privacy legislation
Counseling clients regarding policy and strategy related to drafting and development of federal and state privacy legislation and testifying before state legislatures regarding proposed legislation. (Ongoing)
Advocating in privacy rulemaking proceedings
Drafting comments on behalf of clients—including companies and trade associations—in federal and state regulatory proceedings, including the Federal Trade Commission, the Federal Communications Commission, the Department of Commerce, and the California Privacy Protection Agency. (Ongoing)
Transactional
Advising clients in connection with mergers and acquisitions and other changes in corporate control
Negotiating and drafting agreements regarding the collection, use, and disclosure of personal data
Drafting and revising agreements, including data protection agreements, and negotiating on behalf of clients with respect to same. (Ongoing)
Admitted to Practice
- District of Columbia
- U.S. Supreme Court
Education
- J.D., Georgetown University Law Center, cum laude
- A.B., History, Harvard University, cum laude
Memberships & Affiliations
- Executive Committee, Davis Wright Tremaine
- Privacy and Civil Liberties Advisory Board, Palantir Technologies Inc., 2013-2022
- Advisory Board, Cybersecurity Law Institute, Georgetown University Law Center, 2014-2016
- Advisory Council, Center for Democracy & Technology, Co-Chair, 2017-2019; Member, 2016-2019
Professional Recognition
- Named as one of "America's Leading Lawyers for Business" by Chambers USA in Privacy & Data Security (Nationwide), 2022-2025
- Named as one of the "Best Lawyers in America" by Best Lawyers in Privacy and Data Security Law, 2025-present
- Named a "Woman in Data" by Global Data Review, 2019
- Named to "Capital Pro Bono Honor Roll" by the D.C. Court of Appeals and the D.C. Superior Court, 2019
- Named to Media, Technology and Telecoms - Cyber Law (including Data Privacy and Data Protection), 2018; Telecoms and Broadcast: Regulatory and Media, Technology and Telecoms: Telecoms and Broadcast: Transactional, 2016, 2017; Cyber Law and Media, Technology and Telecoms - Technology - Data Protection and Privacy, 2016; by "The Legal 500 U.S. Edition"
Background
- Chair, Data Privacy & Cybersecurity Practice, Jenner & Block LLP, Washington, D.C., 2017-2018
- Partner, Data Privacy & Cybersecurity Practice, Jenner & Block LLP, Washington, D.C., 2015-2018
- Partner, Wilkinson Barker Knauer LLP, Washington, D.C., 2012-2015
- Chief Privacy and Civil Liberties Officer, United States Department of Justice, Washington, D.C., 2009-2012
- Counsel, Senator Joseph R. Biden, Jr., United States Senate Judiciary Committee, Washington, D.C., 2007-2009
- Staff Counsel, Center for Democracy & Technology, Washington, D.C., 2005-2006
- Deputy Director of Delegate Strategy and Ballot Access, John Kerry for President, Washington, D.C., 2003-2004
- Associate General Counsel, Financial Industry Regulatory Authority (FINRA, formerly NASD) , Washington, D.C., 1998-2003
- Associate, Howrey & Simon, Washington, D.C., 1993-1998